+

US20120042144A1 - Memory access control - Google Patents

Memory access control Download PDF

Info

Publication number
US20120042144A1
US20120042144A1 US13/067,812 US201113067812A US2012042144A1 US 20120042144 A1 US20120042144 A1 US 20120042144A1 US 201113067812 A US201113067812 A US 201113067812A US 2012042144 A1 US2012042144 A1 US 2012042144A1
Authority
US
United States
Prior art keywords
memory
access
modes
access control
control bits
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/067,812
Other versions
US8788775B2 (en
Inventor
Richard Roy Grisenthwaite
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ARM Ltd
Original Assignee
ARM Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ARM Ltd filed Critical ARM Ltd
Assigned to ARM LIMITED reassignment ARM LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GRISENTHWAITE, RICHARD ROY
Publication of US20120042144A1 publication Critical patent/US20120042144A1/en
Application granted granted Critical
Publication of US8788775B2 publication Critical patent/US8788775B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/145Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1483Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14Handling requests for interconnection or transfer
    • G06F13/16Handling requests for interconnection or transfer for access to memory bus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30145Instruction analysis, e.g. decoding, instruction word fields
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30181Instruction operation extension or modification
    • G06F9/30189Instruction operation extension or modification according to execution mode, e.g. mode flag
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1004Compatibility, e.g. with legacy hardware

Definitions

  • This invention relates to the field of data processing systems. More particularly, this invention relates to the field of the control of access permissions to memory pages within the memory address space of a data processing system.
  • a particular memory page may be marked as accessible for reads and writes in a privileged exception level, but marked for only read access in a user exception level. Further access permissions which may be specified in addition to read and write access are the ability to execute program instructions read from a memory page.
  • the size of page table data has become a more significant factor. Reducing the amount of memory space needed to store the page table data by reducing the number of access control bits used is advantageous. Another factor in this regard is the desire to support different modes of operation using different instruction sets. In order to reduce the amount of memory space consumed by page table data, it is desirable that the page table data used by a newly introduced mode, such as a mode using a newly introduced instruction set, should be backward compatible with preceding page table data and a preceding instruction set.
  • the present invention provides apparatus for processing data comprising:
  • processing circuitry responsive to program instructions to perform data processing operations and configured to operate in a plurality of modes
  • memory management circuitry coupled to said processing circuitry and to a memory and configured to control access permissions to data values stored within said memory in dependence upon page table data;
  • said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
  • said memory management circuitry is responsive to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions;
  • said memory management unit is responsive said plurality of different combinations of access control bits to provide a plurality of different sets of access permissions in a non-redundant encoding.
  • the present technique recognises that the access control bits as used in a first mode of operation include one or more instances of a redundant encoding.
  • a second mode of operation the different combinations of access control bits corresponding to this redundant encoding can be used to provide a plurality of different sets of access permissions thereby making more efficient use of the access control bits encoding space.
  • the first and second mode use the same number of access control bits to encode access permissions.
  • the present technique recognises that in practice, providing, for example, fully orthogonal and independent control of read access, write access and execute access in both user exception level and privileged exception level yields a number of possibilities for access permissions which are not in reality required, e.g.
  • the present technique goes further by recognising that redundant encodings within a first mode of operation may be used in a second mode of operation to provide different access permissions and make more efficient use of the access control bits.
  • the plurality of different sets of access permissions provided in the second mode of operation may include the same set of access permissions which correspond to the redundant encoding in the first mode thereby allowing the same page table data to be used in the first mode of operation and the second mode of operation.
  • the conventional view of access permissions results in the provision of control such that the access permissions must specify that data values stored within a memory page are readable in order for those data values to be executable.
  • a memory page may be executable whilst not being readable as data.
  • such an arrangement may be useful when program instructions are being translated within a virtualised system so that any attempt to read the non-translated instructions as data may be trapped and appropriate action taken to mask the virtualisation.
  • a plurality of exception levels including a user level and a privileged level with the privileged level providing greater access to resources of the apparatus (e.g. the privileged level may allow certain controls or configurations to be changed).
  • a first of the access control bit controls the memory management circuitry selectively to prevent execution of the instructions from the corresponding memory page when the processing circuitry is at both the user level and at the privileged level when the processing circuitry is in the first of the plurality of modes. Accordingly, this first access control bit effectively serves as an “execute never” flag when operating in the first mode.
  • This same first access control bit can be used with a different meaning within the second mode of operation namely to control the memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when the processing circuitry is at the user level but not to control whether or not the processing circuitry can execute instructions from that memory page when it is at the privilege level. Accordingly, in this situation the same first access control bit when operating in the second mode serves as a “user execute never” bit.
  • a second of the access control bits may be used to control the memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when the processing circuitry is at the privilege level and the processing circuitry is in either the first mode of operation or the second mode of operation.
  • This second of the access control bits thus serves as a “privilege execute never” bit.
  • the memory management circuitry permits execution of instructions from that memory page but does not permit read access or write access to the memory page.
  • the memory management circuitry may be responsive to an execute control overwrite parameter which prevents execution of instructions read from a memory page irrespective of any execute permission specified by the access control bits for that memory page when the access control bits for that memory page provide write access to that memory page.
  • the provision of both write access and execution access at the same time is a potential security vulnerability and accordingly preventing execution of memory pages which could be subject to alteration is a security enhancement.
  • the execute control override parameter permits such control to be provided in a simple manner and independently of the page table data itself (which may be large, complex and changing).
  • the different modes of operation could take a variety of different forms, but in at least some embodiments the first mode of operation corresponds to the processing circuitry being responsive to program instructions from a first instruction set and the second mode of operation corresponds to the processing circuitry being responsive to program instructions from a second instruction set.
  • the present invention provides apparatus for processing data comprising:
  • processing means for performing data processing operations in response to program instructions, said processing means being configured to operate in a plurality of modes;
  • memory management means coupled to said processing means and to a memory for controlling access permissions to data values stored within said memory in dependence upon page table data;
  • said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
  • said memory management means is responsive to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions;
  • said memory management means is responsive said plurality of different combinations of access control bits to provide a plurality of different sets of access permissions in a non-redundant encoding.
  • the present invention provides a method of processing data comprising the steps of:
  • processing circuitry performing data processing operations with processing circuitry in response to program instructions, said processing circuitry being configured to operate in a plurality of modes;
  • said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
  • said access control bits provide to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions;
  • Embodiments of the invention may also be provided in the form of a virtual machine comprising a general purpose computer controlled by a computer program to provide an execution environment for performing the above described techniques.
  • FIG. 1 schematically illustrates a data processing system including a memory management unit responsive to page table data for controlling memory accesses;
  • FIG. 2 is a table illustrating the mapping between access control bits of page table data and the access permissions provided in a first mode of operation and in a second mode of operation;
  • FIG. 3 is a flow diagram schematically illustrating the action of the memory management unit decoding access permissions.
  • FIG. 4 is a diagram schematically illustrating a virtual machine environment for implementing the above described techniques
  • FIG. 1 schematically illustrates a data processing system 2 including processing circuitry 4 in the form of processor core, coupled via a memory management unit 6 and a cache memory 8 to a main memory 10 .
  • the processing circuitry 4 includes a data path comprising a general purpose register bank 12 , a multiplier 14 , a shifter 16 and an adder 18 controlled by control signals generated by an instruction decoder 20 in response to program instructions passed along an instruction pipeline 22 .
  • the instruction decoder 20 is able to decode instructions from both a first instruction set and a second instruction set.
  • a mode register 24 stores a mode value controlling the instruction decoder 20 to decode the program instructions from the instruction pipeline 22 as either instructions from the first instruction set (ISA 0 ) or as instructions from the second instruction set (ISA 1 ).
  • the processing circuitry 4 as well as operating in the two different modes described above corresponding to the use of two different instruction sets, is also able to operate within each of these modes at a plurality of different exception levels, namely a user level and a privilege level.
  • An exception level register 26 stores data defining the current exception level of the processing circuitry 4 .
  • the processing circuitry 4 is able to access different resources within the data processing system 2 .
  • a privileged level more access to resources is normally given than at a user level. For example, some configuration parameters or instructions may only be available for charging or execution at the privileged level and may not be available at the user level.
  • the processing circuitry 4 when generating memory accesses produces a virtual address VA which is translated to a physical address PA by the memory management unit 6 .
  • the memory management unit 6 is also responsible for managing the access permissions associated with memory pages into which the memory address space of the main memory 10 is divided.
  • a translation lookaside buffer 28 within the memory management unit 6 performs the majority of virtual to physical address translations using a cached copy of the page table data 30 stored within the main memory 10 .
  • This page table data as well as specifying the virtual to physical address translation also specifies access permissions using access control bits.
  • the current mode and current exception level are checked against the access permissions to determine whether or not the memory access is authorised. Whether or not the memory access is authorised will also depend upon whether the memory access is a read memory access, a write memory access or an access seeking to fetch an instruction for execution from the memory page concerned.
  • the translated physical address PA output from the memory management unit 6 for a permitted memory access is passed to the cache memory 8 . If the cache memory 8 is storing the data concerned, then that memory access is serviced by the cache memory 8 . If the cache memory 8 is not storing the data concerned, then the memory access progresses to the main memory 10 .
  • the main memory includes a memory address space 32 divided into a plurality of memory pages 34 , 36 , 38 which can have different sizes and have different access permissions associated therewith. Also included within the memory address space 32 is the page table data 30 which stores the data defining the virtual to physical address mappings as well as the access control bits for controlling access permissions depending upon the mode of operation of the processing circuitry and the exception level of the processing circuitry 4 .
  • FIG. 2 is a table illustrating the relationship between the access control bits stored within the page table data 30 for a given memory page and the access permissions provided by those access control bits in the first mode of operation in and the second mode of operation as well as the different exception levels within those modes of operation. As will be seen, there are four access control bits in this example embodiment.
  • a first access control bit 40 corresponds to an execute never control bit applicable in both the user level and the privileged level when the processing circuitry 4 is in the first mode executing the first instruction set.
  • the first access control bit 40 serves as a user execute never control bit specifying whether or not execution is permitted for that memory page at the user level and having no control over whether or not execution is permitted from that memory page when at the privileged level.
  • a second access control bit 42 serves as a privilege execute never control bit.
  • the second access control bit 42 being the privilege execute never control bit and the first access control bit 40 being the user execute never control bit operate independently and orthogonally.
  • the first access control bit 40 acting as an execute never control bit is able to override the indication of the second access control bit 42 serving as the privilege execute never control bit.
  • the access control bits are decoded different and this redundancy is removed to provide a non-redundant encoding in which the access permissions given by the different combinations of access control bits correspond to different combinations of access permissions.
  • One of the combinations of access permissions given in the second mode is the same as the single combination of access permissions which is given in the first mode, thereby assisting backward compatibility. This same set of access permissions is marked with the “#” in FIG. 2 .
  • a memory page must be readable in order to be executable. This condition is not applied in the second mode of operation of the processing circuitry 4 .
  • the access permissions being execute only access permissions marked with a “*” in FIG. 2 correspond to a form of access permission which is not provided by the encoding within the first mode of operation.
  • the upper half of the encoding of the access control bits provides write access for at least some combinations of the access control bits whereas in the bottom half of the table, no write access is permitted.
  • the execute permissions provided when write access is available my be overridden by an execute control override parameter stored within a control register 44 of the memory management unit 6 as illustrated in FIG. 1 .
  • This execute control override parameter may be written under privileged level software control or may be set under hardware control if even greater security is desired.
  • execute permission for a memory page that is writeable will not be permitted even if the first access control bit 40 and/or the second access control bit 42 indicate that execute permission is allowed.
  • FIG. 3 is a flow diagram illustrating the action of the memory management unit 6 in decoding the access permissions when a memory access is received.
  • the memory management unit 6 waits for a memory access to be received.
  • the access control bits for the memory page corresponding to that virtual address of the memory access are read. Such a read of the access control bits may be performed by a lookup in the translation lookaside buffer 28 if the memory page concerned has been recently accessed or may alternatively require a page table walk through the page table data 30 as will be familiar to those in this technical field.
  • the access control bits are decoded in dependence upon the current mode of the processing circuitry (e.g. whether the processing circuitry is executing instructions of the first instruction set or instructions of the second instruction set) as well as the current exception level (e.g. whether the processing circuitry is at the user level or the privilege level) to determine the access permissions to be granted.
  • This decoding is in accordance with the table of FIG. 2 .
  • step 52 the decoded access permissions are compared with the memory access being attempted and a determination is made as to whether or not the memory access being attempted is a permitted memory access. If the memory access is not permitted, then step 54 generates a memory abort. If the memory access is permitted, then step 56 outputs the physical address corresponding to the received virtual address and the memory access is permitted to pass to the cache memory 8 or the main memory 10 as appropriate.
  • FIG. 4 illustrates a virtual machine implementation that may be used. Whilst the earlier described embodiments implement the present invention in terms of apparatus and methods for operating specific processing hardware supporting the techniques concerned, it is also possible to provide so-called virtual machine implementations of hardware devices. These virtual machine implementations run on a host processor 530 running a host operating system 520 supporting a virtual machine program 510 . Typically, large powerful processors are required to provide virtual machine implementations which execute at a reasonable speed, but such an approach may be justified in certain circumstances, such as when there is a desire to run code native to another processor for compatibility or re-use reasons.
  • the virtual machine program 510 provides an application program interface to an application program 500 which is the same as the application program interface which would be provided by the real hardware which is the device being modelled by the virtual machine program 510 .
  • the program instructions including the control of memory accesses described above, may be executed from within the application program 500 using the virtual machine program 510 to model their interaction with the virtual machine hardware.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A data processing system 2 including processing circuitry 4 operating in either a first mode or a second mode. Page table data 30 including access control bits 40, 42, is used to control permissions for memory access to memory pages. In the first mode, the access control bits include at least one instance of a redundant encoding. In the second mode, the redundant encoding is removed to provide more efficient use of the access control bit encoding space.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • This invention relates to the field of data processing systems. More particularly, this invention relates to the field of the control of access permissions to memory pages within the memory address space of a data processing system.
  • 2. Description of the Prior Art
  • It is known to provide data processing systems with memory management units responsive to page table data to control the access permissions to pages (continuous regions) of memory. As an example, a particular memory page may be marked as accessible for reads and writes in a privileged exception level, but marked for only read access in a user exception level. Further access permissions which may be specified in addition to read and write access are the ability to execute program instructions read from a memory page.
  • It is known from the PowerPC processor architecture to provide page table data including access control bits which independently and orthogonally specify for each of a privileged level and a user level whether read access, write access and execute access is permitted to a given memory page. This consumes six access control bits per memory page.
  • As the amount of memory being used within data processing systems is becoming larger and with the advent of techniques such as virtualisation requiring multiple sets of page table data, the size of page table data has become a more significant factor. Reducing the amount of memory space needed to store the page table data by reducing the number of access control bits used is advantageous. Another factor in this regard is the desire to support different modes of operation using different instruction sets. In order to reduce the amount of memory space consumed by page table data, it is desirable that the page table data used by a newly introduced mode, such as a mode using a newly introduced instruction set, should be backward compatible with preceding page table data and a preceding instruction set.
    • SUMMARY OF THE INVENTION
  • Viewed from one aspect the present invention provides apparatus for processing data comprising:
  • processing circuitry responsive to program instructions to perform data processing operations and configured to operate in a plurality of modes; and
  • memory management circuitry coupled to said processing circuitry and to a memory and configured to control access permissions to data values stored within said memory in dependence upon page table data; wherein
  • said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
  • when said processing circuitry is in a first of said plurality of modes using a predetermined number of access control bits to encode access permissions, said memory management circuitry is responsive to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions; and
  • when said processing circuitry is in a second of said plurality of modes using said predetermined number of access control bits to encode access permissions, said memory management unit is responsive said plurality of different combinations of access control bits to provide a plurality of different sets of access permissions in a non-redundant encoding.
  • The present technique recognises that the access control bits as used in a first mode of operation include one or more instances of a redundant encoding. In a second mode of operation the different combinations of access control bits corresponding to this redundant encoding can be used to provide a plurality of different sets of access permissions thereby making more efficient use of the access control bits encoding space. The first and second mode use the same number of access control bits to encode access permissions. The present technique recognises that in practice, providing, for example, fully orthogonal and independent control of read access, write access and execute access in both user exception level and privileged exception level yields a number of possibilities for access permissions which are not in reality required, e.g. a memory page which was writeable at a user exception level but not writeable at a privileged exception level. The present technique goes further by recognising that redundant encodings within a first mode of operation may be used in a second mode of operation to provide different access permissions and make more efficient use of the access control bits.
  • As a way of providing advantageous backward compatibility, the plurality of different sets of access permissions provided in the second mode of operation may include the same set of access permissions which correspond to the redundant encoding in the first mode thereby allowing the same page table data to be used in the first mode of operation and the second mode of operation.
  • In the first mode of operation, the conventional view of access permissions results in the provision of control such that the access permissions must specify that data values stored within a memory page are readable in order for those data values to be executable. However, with the advent of a more widespread use of virtualisation techniques it can be useful in the second mode of operation that a memory page may be executable whilst not being readable as data. As an example, such an arrangement may be useful when program instructions are being translated within a virtualised system so that any attempt to read the non-translated instructions as data may be trapped and appropriate action taken to mask the virtualisation.
  • Within each of the different modes of operations, there may also be provided a plurality of exception levels including a user level and a privileged level with the privileged level providing greater access to resources of the apparatus (e.g. the privileged level may allow certain controls or configurations to be changed).
  • While it will be appreciated that the access control bits can be used to provide a plurality of different meanings and encode those meanings in different ways, in some embodiments a first of the access control bit controls the memory management circuitry selectively to prevent execution of the instructions from the corresponding memory page when the processing circuitry is at both the user level and at the privileged level when the processing circuitry is in the first of the plurality of modes. Accordingly, this first access control bit effectively serves as an “execute never” flag when operating in the first mode.
  • This same first access control bit can be used with a different meaning within the second mode of operation namely to control the memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when the processing circuitry is at the user level but not to control whether or not the processing circuitry can execute instructions from that memory page when it is at the privilege level. Accordingly, in this situation the same first access control bit when operating in the second mode serves as a “user execute never” bit.
  • A second of the access control bits may be used to control the memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when the processing circuitry is at the privilege level and the processing circuitry is in either the first mode of operation or the second mode of operation. This second of the access control bits thus serves as a “privilege execute never” bit.
  • It is surprisingly useful in some embodiments that for at least some combinations of the access control bits for a memory page when the processing circuitry is operating at the user level, the memory management circuitry permits execution of instructions from that memory page but does not permit read access or write access to the memory page.
  • In order to enhance security in a reliable way that is prone to errors in programming, the memory management circuitry may be responsive to an execute control overwrite parameter which prevents execution of instructions read from a memory page irrespective of any execute permission specified by the access control bits for that memory page when the access control bits for that memory page provide write access to that memory page. The provision of both write access and execution access at the same time is a potential security vulnerability and accordingly preventing execution of memory pages which could be subject to alteration is a security enhancement. The execute control override parameter permits such control to be provided in a simple manner and independently of the page table data itself (which may be large, complex and changing).
  • The different modes of operation could take a variety of different forms, but in at least some embodiments the first mode of operation corresponds to the processing circuitry being responsive to program instructions from a first instruction set and the second mode of operation corresponds to the processing circuitry being responsive to program instructions from a second instruction set.
  • Viewed from a further aspect the present invention provides apparatus for processing data comprising:
  • processing means for performing data processing operations in response to program instructions, said processing means being configured to operate in a plurality of modes; and
  • memory management means coupled to said processing means and to a memory for controlling access permissions to data values stored within said memory in dependence upon page table data; wherein
  • said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
  • when said processing means is in a first of said plurality of modes using a predetermined number of access control bits to encode access permissions, said memory management means is responsive to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions; and
  • when said processing means is in a second of said plurality of modes using said predetermined number of access control bits to encode access permissions, said memory management means is responsive said plurality of different combinations of access control bits to provide a plurality of different sets of access permissions in a non-redundant encoding.
  • Viewed from a further aspect the present invention provides a method of processing data comprising the steps of:
  • performing data processing operations with processing circuitry in response to program instructions, said processing circuitry being configured to operate in a plurality of modes; and
  • controlling access permissions to data values stored within said memory in dependence upon page table data; wherein
  • said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
  • when said processing circuitry is in a first of said plurality of modes using a predetermined number of access control bits to encode access permissions, said access control bits provide to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions; and
  • when said processing circuitry is in a second of said plurality of modes, using said predetermined number of access control bits to encode access permissions said plurality of different combinations of access control bits provide a plurality of different sets of access permissions in a non-redundant encoding.
  • Embodiments of the invention may also be provided in the form of a virtual machine comprising a general purpose computer controlled by a computer program to provide an execution environment for performing the above described techniques.
  • The above, and other objects, features and advantages of this invention will be apparent from the following detailed description of illustrative embodiments which is to be read in connection with the accompanying drawings.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 schematically illustrates a data processing system including a memory management unit responsive to page table data for controlling memory accesses;
  • FIG. 2 is a table illustrating the mapping between access control bits of page table data and the access permissions provided in a first mode of operation and in a second mode of operation;
  • FIG. 3 is a flow diagram schematically illustrating the action of the memory management unit decoding access permissions; and
  • FIG. 4 is a diagram schematically illustrating a virtual machine environment for implementing the above described techniques;
    •  DESCRIPTION OF THE EMBODIMENTS
  • FIG. 1 schematically illustrates a data processing system 2 including processing circuitry 4 in the form of processor core, coupled via a memory management unit 6 and a cache memory 8 to a main memory 10. The processing circuitry 4 includes a data path comprising a general purpose register bank 12, a multiplier 14, a shifter 16 and an adder 18 controlled by control signals generated by an instruction decoder 20 in response to program instructions passed along an instruction pipeline 22. The instruction decoder 20 is able to decode instructions from both a first instruction set and a second instruction set. A mode register 24 stores a mode value controlling the instruction decoder 20 to decode the program instructions from the instruction pipeline 22 as either instructions from the first instruction set (ISA0) or as instructions from the second instruction set (ISA1).
  • The processing circuitry 4 as well as operating in the two different modes described above corresponding to the use of two different instruction sets, is also able to operate within each of these modes at a plurality of different exception levels, namely a user level and a privilege level. An exception level register 26 stores data defining the current exception level of the processing circuitry 4. In dependence upon the current exception level as indicated in the exception level register 26, the processing circuitry 4 is able to access different resources within the data processing system 2. As will be familiar to those in this technical field, at a privileged level more access to resources is normally given than at a user level. For example, some configuration parameters or instructions may only be available for charging or execution at the privileged level and may not be available at the user level.
  • The processing circuitry 4 when generating memory accesses produces a virtual address VA which is translated to a physical address PA by the memory management unit 6. The memory management unit 6 is also responsible for managing the access permissions associated with memory pages into which the memory address space of the main memory 10 is divided. A translation lookaside buffer 28 within the memory management unit 6 performs the majority of virtual to physical address translations using a cached copy of the page table data 30 stored within the main memory 10. This page table data as well as specifying the virtual to physical address translation also specifies access permissions using access control bits.
  • When a memory access is received by the memory management unit 6 from the processing circuitry 4, the current mode and current exception level are checked against the access permissions to determine whether or not the memory access is authorised. Whether or not the memory access is authorised will also depend upon whether the memory access is a read memory access, a write memory access or an access seeking to fetch an instruction for execution from the memory page concerned.
  • The translated physical address PA output from the memory management unit 6 for a permitted memory access is passed to the cache memory 8. If the cache memory 8 is storing the data concerned, then that memory access is serviced by the cache memory 8. If the cache memory 8 is not storing the data concerned, then the memory access progresses to the main memory 10.
  • As illustrated in FIG. 1, the main memory includes a memory address space 32 divided into a plurality of memory pages 34, 36, 38 which can have different sizes and have different access permissions associated therewith. Also included within the memory address space 32 is the page table data 30 which stores the data defining the virtual to physical address mappings as well as the access control bits for controlling access permissions depending upon the mode of operation of the processing circuitry and the exception level of the processing circuitry 4.
  • FIG. 2 is a table illustrating the relationship between the access control bits stored within the page table data 30 for a given memory page and the access permissions provided by those access control bits in the first mode of operation in and the second mode of operation as well as the different exception levels within those modes of operation. As will be seen, there are four access control bits in this example embodiment.
  • A first access control bit 40 corresponds to an execute never control bit applicable in both the user level and the privileged level when the processing circuitry 4 is in the first mode executing the first instruction set. In the second mode when the processing circuitry 4 is executing the second instruction set, the first access control bit 40 serves as a user execute never control bit specifying whether or not execution is permitted for that memory page at the user level and having no control over whether or not execution is permitted from that memory page when at the privileged level.
  • A second access control bit 42 serves as a privilege execute never control bit. In the second mode of operation, the second access control bit 42 being the privilege execute never control bit and the first access control bit 40 being the user execute never control bit operate independently and orthogonally. In the first mode of operation the first access control bit 40 acting as an execute never control bit is able to override the indication of the second access control bit 42 serving as the privilege execute never control bit. Thus, if the first access control bit 40 indicates that a memory page is a never execute memory page, then execute permission will not be permitted within that memory page even if the privilege execute never control bit 42 indicates that privilege level execution is permitted.
  • This behaviour of the first access control bit 40 overriding the indication of the second access control bit 42 when in the first mode of operation leads to redundant encodings within the first mode of operation as marked in FIG. 2. Thus, different combinations of access control bits lead to the same access permissions within the first mode of operation corresponding to a waste of encoding bit space of the access control bits.
  • In the second mode of operation, the access control bits are decoded different and this redundancy is removed to provide a non-redundant encoding in which the access permissions given by the different combinations of access control bits correspond to different combinations of access permissions. One of the combinations of access permissions given in the second mode is the same as the single combination of access permissions which is given in the first mode, thereby assisting backward compatibility. This same set of access permissions is marked with the “#” in FIG. 2.
  • Within the first mode of operation of the processing circuitry 4 a memory page must be readable in order to be executable. This condition is not applied in the second mode of operation of the processing circuitry 4. The access permissions being execute only access permissions marked with a “*” in FIG. 2 correspond to a form of access permission which is not provided by the encoding within the first mode of operation.
  • As illustrated in FIG. 2, the upper half of the encoding of the access control bits provides write access for at least some combinations of the access control bits whereas in the bottom half of the table, no write access is permitted. The execute permissions provided when write access is available my be overridden by an execute control override parameter stored within a control register 44 of the memory management unit 6 as illustrated in FIG. 1. This execute control override parameter may be written under privileged level software control or may be set under hardware control if even greater security is desired. When the execute control override parameter is set, execute permission for a memory page that is writeable will not be permitted even if the first access control bit 40 and/or the second access control bit 42 indicate that execute permission is allowed.
  • FIG. 3 is a flow diagram illustrating the action of the memory management unit 6 in decoding the access permissions when a memory access is received. At step 46 the memory management unit 6 waits for a memory access to be received. At step 48 the access control bits for the memory page corresponding to that virtual address of the memory access are read. Such a read of the access control bits may be performed by a lookup in the translation lookaside buffer 28 if the memory page concerned has been recently accessed or may alternatively require a page table walk through the page table data 30 as will be familiar to those in this technical field.
  • At step 50 the access control bits are decoded in dependence upon the current mode of the processing circuitry (e.g. whether the processing circuitry is executing instructions of the first instruction set or instructions of the second instruction set) as well as the current exception level (e.g. whether the processing circuitry is at the user level or the privilege level) to determine the access permissions to be granted. This decoding is in accordance with the table of FIG. 2.
  • At step 52 the decoded access permissions are compared with the memory access being attempted and a determination is made as to whether or not the memory access being attempted is a permitted memory access. If the memory access is not permitted, then step 54 generates a memory abort. If the memory access is permitted, then step 56 outputs the physical address corresponding to the received virtual address and the memory access is permitted to pass to the cache memory 8 or the main memory 10 as appropriate.
  • FIG. 4 illustrates a virtual machine implementation that may be used. Whilst the earlier described embodiments implement the present invention in terms of apparatus and methods for operating specific processing hardware supporting the techniques concerned, it is also possible to provide so-called virtual machine implementations of hardware devices. These virtual machine implementations run on a host processor 530 running a host operating system 520 supporting a virtual machine program 510. Typically, large powerful processors are required to provide virtual machine implementations which execute at a reasonable speed, but such an approach may be justified in certain circumstances, such as when there is a desire to run code native to another processor for compatibility or re-use reasons. The virtual machine program 510 provides an application program interface to an application program 500 which is the same as the application program interface which would be provided by the real hardware which is the device being modelled by the virtual machine program 510. Thus, the program instructions, including the control of memory accesses described above, may be executed from within the application program 500 using the virtual machine program 510 to model their interaction with the virtual machine hardware.
  • Although illustrative embodiments of the invention have been described in detail herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various changes and modifications can be effected therein by one skilled in the art without departing from the scope and spirit of the invention as defined by the appended claims.

Claims (24)

I claim:
1. Apparatus for processing data comprising:
processing circuitry responsive to program instructions to perform data processing operations and configured to operate in a plurality of modes; and
memory management circuitry coupled to said processing circuitry and to a memory and configured to control access permissions to data values stored within said memory in dependence upon page table data; wherein
said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
when said processing circuitry is in a first of said plurality of modes using a predetermined number of access control bits to encode access permissions, said memory management circuitry is responsive to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions; and
when said processing circuitry is in a second of said plurality of modes using said predetermined number of access control bits to encode access permissions, said memory management unit is responsive said plurality of different combinations of access control bits to provide a plurality of different sets of access permissions in a non-redundant encoding.
2. Apparatus as claimed in claim 1, wherein said plurality of different sets of access permissions include said same set of access permissions providing a set of access control bit values that are compatible between operation in said first of said plurality of modes and said second of said plurality of modes.
3. Apparatus as claimed in claim 1, wherein in said first of said modes said access permissions must specify that data values stored within a memory page are readable in order for said data values within said memory page to be executable.
4. Apparatus as claimed in claim 3, wherein in said second of said modes said access permissions need not specify that data values stored within a memory page are readable in order for said data values within said memory page to be executable, such that said data values may not be read as data, but said data values may be executed as instructions.
5. Apparatus as claimed in claim 1, wherein said processing circuitry is configured to operate at a plurality of exception levels within each of said plurality of modes, said plurality of exception levels including a user level and a privileged level, said privileged level providing greater access to resources of said apparatus.
6. Apparatus as claimed in claim 5, wherein a first of said access control bits controls said memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when said processing circuitry is at both said user level and at said privileged level when said processing circuitry is in said first of said plurality of modes.
7. Apparatus as claimed in claim 6, said first of said access control bits controls said memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when said processing circuitry is at said user level but not at said privileged level when said processing circuitry is in said second of said plurality of modes.
8. Apparatus as claimed in claim 6, wherein a second of said access control bits controls said memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when said processing circuitry is at said privileged level when said processing circuitry is in both said first of said plurality of modes and said second of said plurality of modes.
9. Apparatus as claimed in claim 4, wherein for at least some combinations of said access control bits for a memory page when said processing circuitry is operating at said user level, said memory management circuitry permits execution of instructions from said memory page but does not permit read access and write access to said memory page.
10. Apparatus as claimed in claim 1, wherein when said access control bits provide write access to a memory page, said memory management circuitry is responsive to an execute control override parameter to prevent execution of instructions read from said memory page irrespective of any execute permission specified by said access control bits.
11. Apparatus as claimed in claim 1, wherein when operating in said first of said plurality of modes said processing circuitry is responsive to program instructions from a first instruction set and when operating in said second of said plurality of modes said processing circuitry is responsive to program instructions from a second instruction set.
12. Apparatus for processing data comprising:
processing means for performing data processing operations in response to program instructions, said processing means being configured to operate in a plurality of modes; and
memory management means coupled to said processing means and to a memory for controlling access permissions to data values stored within said memory in dependence upon page table data; wherein
said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
when said processing means is in a first of said plurality of modes using a predetermined number of access control bits to encode access permissions, said memory management means is responsive to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions; and
when said processing means is in a second of said plurality of modes using said predetermined number of access control bits to encode access permissions, said memory management means is responsive said plurality of different combinations of access control bits to provide a plurality of different sets of access permissions in a non-redundant encoding.
13. A method of processing data comprising the steps of:
performing data processing operations with processing circuitry in response to program instructions, said processing circuitry being configured to operate in a plurality of modes; and
controlling access permissions to data values stored within said memory in dependence upon page table data; wherein
said memory has a memory address space divided in to a plurality of memory pages and said page table data comprises a plurality of access control bits for each of said plurality of memory pages defining access permissions for a respective memory page;
when said processing circuitry is in a first of said plurality of modes using a predetermined number of access control bits to encode access permissions, said access control bits provide to at least one instance of a redundant encoding in which a plurality of different combinations of said access control bits provides a same set of access permissions; and
when said processing circuitry is in a second of said plurality of modes using said predetermined number of access control bits to encode access permissions, said plurality of different combinations of access control bits provide a plurality of different sets of access permissions in a non-redundant encoding.
14. A method as claimed in claim 13, wherein said plurality of different sets of access permissions include said same set of access permissions providing a set of access control bit values that are compatible between operation in said first of said plurality of modes and said second of said plurality of modes.
15. A method as claimed in claim 13, wherein in said first of said modes said access permissions must specify that data values stored within a memory page are readable in order for said data values within said memory page to be executable.
16. A method as claimed in claim 15, wherein in said second of said modes said access permissions need not specify that data values stored within a memory page are readable in order for said data values within said memory page to be executable, such that said data values may not be read as data, but said data values may be executed as instructions.
17. A method as claimed in claim 13, wherein said processing circuitry is configured to operate at a plurality of exception levels within each of said plurality of modes, said plurality of exception levels including a user level and a privileged level, said privileged level providing greater access to resources of an apparatus performing said method.
18. A method as claimed in claim 17, wherein a first of said access control bits controls selective prevention of execution of instructions from a corresponding memory page when said processing circuitry is at both said user level and at said privileged level when said processing circuitry is in said first of said plurality of modes.
19. A method as claimed in claim 18, said first of said access control bits controls selective prevention of execution of instructions from a corresponding memory page when said processing circuitry is at said user level but not at said privileged level when said processing circuitry is in said second of said plurality of modes.
20. A method as claimed in claim 18, wherein a second of said access control bits controls said memory management circuitry selectively to prevent execution of instructions from a corresponding memory page when said processing circuitry is at said privileged level when said processing circuitry is in both said first of said plurality of modes and said second of said plurality of modes.
21. A method as claimed in claim 16, wherein for at least some combinations of said access control bits for a memory page when said processing circuitry is operating at said user level, execution of instructions from said memory page is permitted but read access and write access to said memory page is not permitted.
22. A method as claimed in claim 13, wherein when said access control bits provide write access to a memory page, an execute control override parameter serves to control prevention of execution of instructions read from said memory page irrespective of any execute permission specified by said access control bits.
23. A method as claimed in claim 13, wherein when operating in said first of said plurality of modes said processing circuitry is responsive to program instructions from a first instruction set and when operating in said second of said plurality of modes said processing circuitry is responsive to program instructions from a second instruction set.
24. A virtual machine comprising a computer program controlling a computer to perform a method as claimed in claim 13.
US13/067,812 2010-08-11 2011-06-28 Memory access control using redundant and non-redundant encoding Active 2032-06-19 US8788775B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1013466.6A GB2482700A (en) 2010-08-11 2010-08-11 Memory access control
GB1013466.6 2010-08-11

Publications (2)

Publication Number Publication Date
US20120042144A1 true US20120042144A1 (en) 2012-02-16
US8788775B2 US8788775B2 (en) 2014-07-22

Family

ID=42931473

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/067,812 Active 2032-06-19 US8788775B2 (en) 2010-08-11 2011-06-28 Memory access control using redundant and non-redundant encoding

Country Status (10)

Country Link
US (1) US8788775B2 (en)
EP (1) EP2603872B1 (en)
JP (1) JP5718463B2 (en)
KR (1) KR101861544B1 (en)
CN (1) CN103069398B (en)
GB (1) GB2482700A (en)
IL (1) IL223732A (en)
MY (1) MY168732A (en)
TW (1) TWI514135B (en)
WO (1) WO2012020236A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014105122A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Access type protection of memory reserved for use by processor logic
US20140331019A1 (en) * 2013-05-06 2014-11-06 Microsoft Corporation Instruction set specific execution isolation
US8914615B2 (en) 2011-12-02 2014-12-16 Arm Limited Mapping same logical register specifier for different instruction sets with divergent association to architectural register file using common address format
US20160210069A1 (en) * 2015-01-21 2016-07-21 Bitdefender IPR Management Ltd. Systems and Methods For Overriding Memory Access Permissions In A Virtual Machine
US20180307627A1 (en) * 2015-10-20 2018-10-25 Arm Limited Memory access instructions
US20190171376A1 (en) * 2016-06-29 2019-06-06 Arm Limited Permission control for contingent memory access program instruction
CN110663024A (en) * 2017-05-25 2020-01-07 Arm有限公司 Apparatus and method for interpreting permissions associated with capabilities
EP3844651A4 (en) * 2018-08-30 2022-05-18 Micron Technology, Inc. Security configuration for memory address translation from object specific virtual address spaces to a physical address space
US11481241B2 (en) 2018-08-30 2022-10-25 Micron Technology, Inc. Virtual machine register in a computer processor
US11500665B2 (en) 2018-08-30 2022-11-15 Micron Technology, Inc. Dynamic configuration of a computer processor based on the presence of a hypervisor
US11544069B2 (en) 2018-10-25 2023-01-03 Micron Technology, Inc. Universal pointers for data exchange in a computer system having independent processors
US11561904B2 (en) 2018-08-30 2023-01-24 Micron Technology, Inc. Security configurations in page table entries for execution domains
US11914726B2 (en) 2018-08-30 2024-02-27 Micron Technology, Inc. Access control for processor registers based on execution domains
US12242653B2 (en) 2018-08-30 2025-03-04 Micron Technology, Inc. Domain crossing in executing instructions in computer processors

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8931108B2 (en) * 2013-02-18 2015-01-06 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
JP5920595B2 (en) * 2013-07-16 2016-05-18 横河電機株式会社 Electronic device, operating system, and access management method
KR20150062745A (en) * 2013-11-29 2015-06-08 한국전자통신연구원 Apparatus and methdo for virtualization service
CN103824019B (en) * 2014-02-19 2017-03-08 青岛海信电器股份有限公司 A kind of data processing method being applied to DTV, processor and DTV
US10489309B2 (en) 2014-10-21 2019-11-26 Intel Corporation Memory protection key architecture with independent user and supervisor domains
TWI602185B (en) * 2015-03-04 2017-10-11 旺宏電子股份有限公司 Memory device and operating method of the same
US10102391B2 (en) 2015-08-07 2018-10-16 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
US9767320B2 (en) 2015-08-07 2017-09-19 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
GB2547912B (en) * 2016-03-02 2019-01-30 Advanced Risc Mach Ltd Register access control
GB2562102B (en) * 2017-05-05 2019-09-04 Advanced Risc Mach Ltd An apparatus and method for managing use of capabilities
GB2611823B (en) * 2021-10-18 2023-10-11 Advanced Risc Mach Ltd Technique for handling sealed capabilities

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020083251A1 (en) * 2000-08-21 2002-06-27 Gerard Chauvel Task based priority arbitration
US20020194389A1 (en) * 2001-06-08 2002-12-19 Worley William S. Secure machine platform that interfaces to operating systems and customized control programs
US20040243823A1 (en) * 2003-05-29 2004-12-02 Moyer William C. Method and apparatus for determining access permission
US20060026385A1 (en) * 2004-07-31 2006-02-02 Dinechin Christophe D Method for patching virtually aliased pages by a virtual-machine monitor
US20060218425A1 (en) * 2005-02-25 2006-09-28 Zhimin Ding Integrated microcontroller and memory with secure interface between system program and user operating system and application
US7278030B1 (en) * 2003-03-03 2007-10-02 Vmware, Inc. Virtualization system for computers having multiple protection mechanisms

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4890223A (en) * 1986-01-15 1989-12-26 Motorola, Inc. Paged memory management unit which evaluates access permissions when creating translator
JPS63240657A (en) * 1987-03-28 1988-10-06 Toshiba Corp Memory protecting device
IN169635B (en) * 1987-07-01 1991-11-23 Digital Equipment Corp
US4937736A (en) * 1987-11-30 1990-06-26 International Business Machines Corporation Memory controller for protected memory with automatic access granting capability
US5075845A (en) * 1989-12-22 1991-12-24 Intel Corporation Type management and control in an object oriented memory protection mechanism
US6349355B1 (en) * 1997-02-06 2002-02-19 Microsoft Corporation Sharing executable modules between user and kernel threads
US6629207B1 (en) * 1999-10-01 2003-09-30 Hitachi, Ltd. Method for loading instructions or data into a locked way of a cache memory
US7024544B2 (en) * 2003-06-24 2006-04-04 Via-Cyrix, Inc. Apparatus and method for accessing registers in a processor
GB2448151B (en) * 2007-04-03 2011-05-04 Advanced Risc Mach Ltd Memory domain based security control within data processing systems
US20090106498A1 (en) * 2007-10-23 2009-04-23 Kevin Michael Lepak Coherent dram prefetcher

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020083251A1 (en) * 2000-08-21 2002-06-27 Gerard Chauvel Task based priority arbitration
US20020194389A1 (en) * 2001-06-08 2002-12-19 Worley William S. Secure machine platform that interfaces to operating systems and customized control programs
US7278030B1 (en) * 2003-03-03 2007-10-02 Vmware, Inc. Virtualization system for computers having multiple protection mechanisms
US20040243823A1 (en) * 2003-05-29 2004-12-02 Moyer William C. Method and apparatus for determining access permission
US20060026385A1 (en) * 2004-07-31 2006-02-02 Dinechin Christophe D Method for patching virtually aliased pages by a virtual-machine monitor
US20060218425A1 (en) * 2005-02-25 2006-09-28 Zhimin Ding Integrated microcontroller and memory with secure interface between system program and user operating system and application

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8914615B2 (en) 2011-12-02 2014-12-16 Arm Limited Mapping same logical register specifier for different instruction sets with divergent association to architectural register file using common address format
WO2014105122A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Access type protection of memory reserved for use by processor logic
US9720843B2 (en) 2012-12-28 2017-08-01 Intel Corporation Access type protection of memory reserved for use by processor logic
US20140331019A1 (en) * 2013-05-06 2014-11-06 Microsoft Corporation Instruction set specific execution isolation
US20160210069A1 (en) * 2015-01-21 2016-07-21 Bitdefender IPR Management Ltd. Systems and Methods For Overriding Memory Access Permissions In A Virtual Machine
US20180307627A1 (en) * 2015-10-20 2018-10-25 Arm Limited Memory access instructions
US11669467B2 (en) * 2015-10-20 2023-06-06 Arm Limited Memory access instructions
TWI722022B (en) * 2015-10-20 2021-03-21 英商Arm股份有限公司 Apparatus, method and computer program for processing data
US20190171376A1 (en) * 2016-06-29 2019-06-06 Arm Limited Permission control for contingent memory access program instruction
US10824350B2 (en) * 2016-06-29 2020-11-03 Arm Limited Handling contingent and non-contingent memory access program instructions making use of disable flag
US11023237B2 (en) * 2017-05-25 2021-06-01 Arm Limited Apparatus and method for interpreting permissions associated with a capability
TWI783996B (en) * 2017-05-25 2022-11-21 英商Arm股份有限公司 An apparatus and method for interpreting permissions associated with a capability
CN110663024A (en) * 2017-05-25 2020-01-07 Arm有限公司 Apparatus and method for interpreting permissions associated with capabilities
EP3844651A4 (en) * 2018-08-30 2022-05-18 Micron Technology, Inc. Security configuration for memory address translation from object specific virtual address spaces to a physical address space
US11481241B2 (en) 2018-08-30 2022-10-25 Micron Technology, Inc. Virtual machine register in a computer processor
US11500665B2 (en) 2018-08-30 2022-11-15 Micron Technology, Inc. Dynamic configuration of a computer processor based on the presence of a hypervisor
US11561904B2 (en) 2018-08-30 2023-01-24 Micron Technology, Inc. Security configurations in page table entries for execution domains
US11914726B2 (en) 2018-08-30 2024-02-27 Micron Technology, Inc. Access control for processor registers based on execution domains
US12056057B2 (en) 2018-08-30 2024-08-06 Lodestar Licensing Group Llc Security configurations in page table entries for execution domains
US12131178B2 (en) 2018-08-30 2024-10-29 Micron Technology, Inc. Dynamic configuration of a computer processor based on the presence of a hypervisor
US12242653B2 (en) 2018-08-30 2025-03-04 Micron Technology, Inc. Domain crossing in executing instructions in computer processors
US11544069B2 (en) 2018-10-25 2023-01-03 Micron Technology, Inc. Universal pointers for data exchange in a computer system having independent processors

Also Published As

Publication number Publication date
KR20130136436A (en) 2013-12-12
EP2603872B1 (en) 2015-08-19
GB2482700A (en) 2012-02-15
TW201207615A (en) 2012-02-16
JP2013533567A (en) 2013-08-22
JP5718463B2 (en) 2015-05-13
EP2603872A1 (en) 2013-06-19
MY168732A (en) 2018-11-29
IL223732A (en) 2015-07-30
CN103069398B (en) 2016-03-09
WO2012020236A1 (en) 2012-02-16
GB201013466D0 (en) 2010-09-22
US8788775B2 (en) 2014-07-22
KR101861544B1 (en) 2018-05-28
TWI514135B (en) 2015-12-21
CN103069398A (en) 2013-04-24

Similar Documents

Publication Publication Date Title
US8788775B2 (en) Memory access control using redundant and non-redundant encoding
JP5571201B2 (en) Limit memory area for read instructions based on hardware mode and security flags
JP6893216B2 (en) Devices and methods for controlling the use of bounded pointers
KR102605793B1 (en) Apparatus and method for managing the use of qualifications
JP2015523650A (en) Local clear control
JP7445431B2 (en) Apparatus and method for controlling execution of instructions
CN110663024B (en) Apparatus and method for interpreting rights associated with a capability
KR20230170976A (en) A technique for restricting access to memory using capabilities

Legal Events

Date Code Title Description
AS Assignment

Owner name: ARM LIMITED, UNITED KINGDOM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GRISENTHWAITE, RICHARD ROY;REEL/FRAME:026619/0720

Effective date: 20110614

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551)

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载